Lucene search

[email protected]NVD:CVE-2021-24538

HistoryAug 16, 2021 - 11:15 a.m.

CVE-2021-24538

2021-08-1611:15:09

CWE-79

[email protected]

web.nvd.nist.gov

wordpress

plugin

xss

security

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

24.8%

JSON

The Current Book WordPress plugin through 1.0.1 does not sanitize user input when an authenticated user adds Author or Book Title, then does not escape these values when outputting to the browser leading to an Authenticated Stored XSS Cross-Site Scripting issue.

Affected configurations

Nvd

Node

current_book_projectcurrent_bookRange≤1.0.1wordpress

VendorProductVersionCPE
current_book_projectcurrent_book*cpe:2.3:a:current_book_project:current_book:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
current_book_project	current_book	*	cpe:2.3:a:current_book_project:current_book::::::wordpress::*

References

wpscan.com/vulnerability/f9911a43-0f4c-403f-9fca-7822eb693317

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

24.8%

JSON

Related for NVD:CVE-2021-24538

wpexploit1 cvelist1 cve1 wpvulndb1 prion1